Hi All,
I tried to use Search but got error message.
My question is where can I find configuration setting to mitigate TLS1.0/TLS1.1 vulnerabilities on SOSS port 723/724.
Windows server 2016 registry setting are correct so no such TLS1.0/TLS1.1 on port 443/3389/8172. thanks.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.0 both Server and Client
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.1 both Server and Client
correct value shows:
DisableByDefault : 0x00000001(1)
Enabled: 0x00000000(0)
-------------------------------------------
Vulnerability
Medium
Vulnerability Type Id157288
Containment StatusNo Containment Required
DescriptionThe remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1 As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
SolutionEnable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Exploit AvailableN/A
Source TypeTenable
Details
I tried to use Search but got error message.
My question is where can I find configuration setting to mitigate TLS1.0/TLS1.1 vulnerabilities on SOSS port 723/724.
Windows server 2016 registry setting are correct so no such TLS1.0/TLS1.1 on port 443/3389/8172. thanks.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.0 both Server and Client
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.1 both Server and Client
correct value shows:
DisableByDefault : 0x00000001(1)
Enabled: 0x00000000(0)
-------------------------------------------
Vulnerability
Medium
Vulnerability Type Id157288
Containment StatusNo Containment Required
DescriptionThe remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1 As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
SolutionEnable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Exploit AvailableN/A
Source TypeTenable
Details